Researchers say pirates will likely use easier routes to crack the scheme, but that espionage risk is possible

Intel Corp. (INTC) has enjoyed a profitable ride off its High-bandwidth Digital Content Protection (HDCP) hardware, which sits inside nearly every TV/computer monitor with HDMI or DVI input. The HDMI/DVI chips with HDCP functionality open a secure encrypted channel from a source (e.g. a Blu-ray player) to a computer monitor or TV.

I. Defeating HDCP Was Easy

Even as other content protection schemes were defeated, HDCP hung strong. But in 2010, the master key leaked for HDCP giving the world the first hope of cracking the scheme. But Intel reassured its partners that they had nothing to worry about -- they laughed that unless would-be hardware hackers "made a computer chip" the scheme would be safe.
The only thing they forgot about was the growing amount of cheap reprogrammable chips known as field programmable gate arrays (FPGAs), which allow you to quickly make and test chip designs in software.

Using an ATLYS board manufactured by a company named Digilent, researchers at the Ruhr-Universität Bochum (RUB) -- a college in the town of Bochum, located roughly 2 hr. and 15 min. northwest of Frankfurt -- were able to carry out a-man-in-the-middle attack, with the FPGA posing as a legitimate interface chip and going undetected.

Prof. Dr.-Ing. Tim Güneysu, the principal investigator and senior author of the work summarizes [press release], "We developed an independent hardware solution instead, based on a cheap FPGA board. We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver."

The ATLYS board cost only 200€ (~$267). The board comes with a Xilinx, Inc. (XLNX) Spartan-6 series FPGA, DRAM, HDMI interfaces, and a serial RS232 port. Most of the work on the project was carried out by final-year student Benno Lomb.

The little board that slew HDCP 1.x. [Image Source: RUB]

Dr.-Ing. Güneysu summarizes Intel's claims of invulnerability as foolish arrogance. He states, "[O]ur intention was to fundamentally investigate the safety of the HDCP system and to financially assess the actual cost for the complete knockout. The fact that we have achieved our goal in a degree thesis and with material costs of approximately 200 Euro definitely does not speak for the safety of the current HDCP system."

II. The Current Dangers -- Piracy, Not so Much, Espionage Maybe.

The work will be presented at the international security conference ReConFig 2011 in Cancun, Mexico, which is being held between Nov. 30 (Wed.) and Dec. 2 (Fri.).

It is unknown whether the team will publish their FPGA code, which could allow pirates and hardware hackers to buy FPGAs and defeat the protection. However, they insist that their goal was not to promote piracy. They say there's other far simpler ways of defeating HDCP available to pirates.

In October 2008 Intel released HDCP 2.0, which provides additional protection against this kind of attack. The hardware is currently on HDCP 2.1. But legacy systems abound and remain vulnerable to the HDCP 1.x capable attacks. The researchers say this could pose a security threat to the military or government agencies.

They can't revoke it. It was the master key which was leaked. It's the key which is used to make the revokable keys you give to manufacturers. Replacing the master key would mean making all those keys (i.e. all existing TVs, Blu-ray players, etc.) non-functional with new media.